Overview

Per-file task scores (one tab per extracted file; the number is the score shown on each tab, file names are truncated exactly as the page shows them, and every behavioral task ran on windows10-ltsc 2021-x64):

Score  File
10     Static
10     virus/Froz...ED.exe
10     virus/Wire...64.exe
9      $PLUGINSDI...ns.dll
3      $PLUGINSDI...em.dll
3      Qt6Gui.dll
1      Qt6Network.dll
1      Qt6Svg.dll
1      USBPcapSet....0.exe
8      WinSparkle.dll
1      Wireshark.exe
3      brotlicommon.dll
1      bz2.dll
1      charset-1.dll
1      comerr64.dll
1      d3dcompiler_47.dll
1      snappy.dll
1      snmp/mibs/...IB.vbs
1      snmp/mibs/...IB.vbs
1      snmp/mibs/...IB.vbs
1      snmp/mibs/...IB.vbs
1      styles/qwi...le.dll
1      tls/qcerto...nd.dll
1      tls/qopens...nd.dll
1      tls/qschan...nd.dll
1      tshark.exe
1      tshark.html
4      vc_redist.x64.exe
7      wireshark-filter.html
4      wireshark.html
4      zlib-ng2.dll
1      zlib1.dll
1      zstd.dll
Analysis

max time kernel: 450s
max time network: 1151s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241023-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 11-12-2024 15:58
Behavioral tasks (every task used resource win10ltsc2021-20241023-en)

Task          Sample
behavioral1   virus/FrozenPerm_CRACKED.exe
behavioral2   virus/Wireshark-4.4.2-x64.exe
behavioral3   $PLUGINSDIR/InstallOptions.dll
behavioral4   $PLUGINSDIR/System.dll
behavioral5   Qt6Gui.dll
behavioral6   Qt6Network.dll
behavioral7   Qt6Svg.dll
behavioral8   USBPcapSetup-1.5.4.0.exe
behavioral9   WinSparkle.dll
behavioral10  Wireshark.exe
behavioral11  brotlicommon.dll
behavioral12  bz2.dll
behavioral13  charset-1.dll
behavioral14  comerr64.dll
behavioral15  d3dcompiler_47.dll
behavioral16  snappy.dll
behavioral17  snmp/mibs/AGGREGATE-MIB.vbs
behavioral18  snmp/mibs/DISMAN-EVENT-MIB.vbs
behavioral19  snmp/mibs/DISMAN-EXPRESSION-MIB.vbs
behavioral20  snmp/mibs/FRAME-RELAY-DTE-MIB.vbs
behavioral21  styles/qwindowsvistastyle.dll
behavioral22  tls/qcertonlybackend.dll
behavioral23  tls/qopensslbackend.dll
behavioral24  tls/qschannelbackend.dll
behavioral25  tshark.exe
behavioral26  tshark.html
behavioral27  vc_redist.x64.exe
behavioral28  wireshark-filter.html
behavioral29  wireshark.html
behavioral30  zlib-ng2.dll
behavioral31  zlib1.dll
behavioral32  zstd.dll
General

Target: Wireshark.exe
Size: 9.6MB
MD5: a6e536a1bfda8f0c8e8e5b1d79ea7845
SHA1: dd92b8145a85d8c73b3aefb8f8dc9b30c924b162
SHA256: 0c6e98e7449f34467d0287baddee200be141828bc047cf78ced82459d7a5bf3e
SHA512: 37b02444f59efdea8db93ea250865ad32257bd9dc781d918be4083d5be4a4bac990b1ef9b935e0157a87a1043ee89a0ccf5827d1e8606dc5ea55fd5128a5d58e
SSDEEP: 196608:2n1KwIBQG4P/JAVRCjjCkjGQ5BbU5UjLwM35MzLRBG:2n1KwI7o/JUCjjCkjH5dU5lPRM
Malware Config

(none extracted)

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 21 IoCs)
Processor information is often read in order to detect sandboxing environments. In this report every read comes from Wireshark.exe or from the dumpcap.exe children it spawned (see Processes), and the same CentralProcessor keys and ProcessorNameString values are read by any software that displays the host CPU model, so on its own this signature is weak evidence of evasion.

description          ioc                                                                                   Process
Key queried          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        dumpcap.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      dumpcap.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1                      dumpcap.exe
Key queried          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        Wireshark.exe
Key enumerated       \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        Wireshark.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1                      Wireshark.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        dumpcap.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1                      dumpcap.exe
Key queried          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        dumpcap.exe
Key enumerated       \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        dumpcap.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  dumpcap.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        Wireshark.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      Wireshark.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  Wireshark.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  dumpcap.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString  dumpcap.exe
Key enumerated       \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        dumpcap.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      dumpcap.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString  dumpcap.exe
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor                        dumpcap.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString  Wireshark.exe

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid   Process
5012  Wireshark.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid   Process
5012  Wireshark.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
pid   Process
5012  Wireshark.exe
5012  Wireshark.exe

Suspicious use of WriteProcessMemory (4 IoCs)
The target PIDs 1364 and 4524 are the two dumpcap.exe children listed under Processes. A parent writing into the address space of a process it has just created is part of ordinary process start-up (the process parameters are written into the child by the creating process), so these events do not by themselves indicate injection into a process that Wireshark.exe did not create.

description                        pid   Process        procid_target
PID 5012 wrote to memory of 1364   5012  Wireshark.exe  82
PID 5012 wrote to memory of 1364   5012  Wireshark.exe  82
PID 5012 wrote to memory of 4524   5012  Wireshark.exe  84
PID 5012 wrote to memory of 4524   5012  Wireshark.exe  84
Processes

C:\Users\Admin\AppData\Local\Temp\Wireshark.exe (PID 5012, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Wireshark.exe"
  - Checks processor information in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\dumpcap.exe (PID 1364, depth 2, child of 5012)
    Command line: C:\Users\Admin\AppData\Local\Temp\dumpcap.exe --log-level MESSAGE -S -D -L --signal-pipe 5012.dummy -Z 1868
    - Checks processor information in registry

  C:\Users\Admin\AppData\Local\Temp\dumpcap.exe (PID 4524, depth 2, child of 5012)
    Command line: C:\Users\Admin\AppData\Local\Temp\dumpcap.exe --log-level MESSAGE -D -Z 1852
    - Checks processor information in registry

Both dumpcap.exe invocations are the interface-enumeration calls Wireshark makes when it starts: -D lists the capture interfaces, -L lists their link-layer types, -S prints per-interface statistics, and -Z together with --signal-pipe set up dumpcap's child-mode control channel back to the parent (the pipe name carries the parent PID, 5012). No dumpcap invocation with -i or -w appears, so no packet capture was started during the run.
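The WriteProcessMemory signature and the process tree are best read together: a write into a PID that the writer itself created looks very different from a write into an unrelated process. The Python below is an added example for this page, not part of the sandbox report or of Wireshark. It parses the report's flattened event lines and checks each target PID against the process tree, returning "child-process-setup" when the target is a descendant of the writer and "possible-injection" otherwise. The process tree and the first four event lines are copied from the report above; the fifth event (target PID 9999) is constructed and does not appear in the report, included only so the injection branch is exercised.

```python
"""Triage helper: classify sandbox WriteProcessMemory events by whether the
target is the writer's own child (normal process start-up) or not.

Added example for this report page; not part of the sandbox's output or of
Wireshark. The PROCESSES tree and the first four EVENTS lines come from the
report; the last EVENTS line is constructed to show a positive hit.
"""
import re
from dataclasses import dataclass

# Process tree from the "Processes" section: pid -> (image, parent pid).
# The parent of the root Wireshark.exe is not shown on the page, hence None.
PROCESSES = {
    5012: ("Wireshark.exe", None),
    1364: ("dumpcap.exe", 5012),
    4524: ("dumpcap.exe", 5012),
}

# Events in the flattened form the report uses:
#   PID <src> wrote to memory of <dst> <src> <image> <procid_target>
# Lines 1-4 are from the report; line 5 (target 9999) is constructed.
EVENTS = """\
PID 5012 wrote to memory of 1364 5012 Wireshark.exe 82
PID 5012 wrote to memory of 1364 5012 Wireshark.exe 82
PID 5012 wrote to memory of 4524 5012 Wireshark.exe 84
PID 5012 wrote to memory of 4524 5012 Wireshark.exe 84
PID 5012 wrote to memory of 9999 5012 Wireshark.exe 99
"""

EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target>\d+)$"
)


@dataclass(frozen=True)
class MemWrite:
    src: int    # writing process
    dst: int    # process written into
    image: str  # image name of the writer, as reported


def parse_events(text: str) -> list[MemWrite]:
    """Parse the report's event lines; lines that do not match are skipped."""
    writes = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            writes.append(MemWrite(int(m["src"]), int(m["dst"]), m["image"]))
    return writes


def is_descendant(pid: int, ancestor: int, tree: dict) -> bool:
    """True if `ancestor` appears on pid's parent chain (cycle-safe)."""
    seen = set()
    while pid in tree and pid not in seen:
        seen.add(pid)
        parent = tree[pid][1]
        if parent == ancestor:
            return True
        pid = parent
    return False


def classify(writes: list[MemWrite], tree: dict) -> dict:
    """Map (src, dst) -> verdict.

    'child-process-setup': dst descends from src in the tree, consistent with
        the parent populating a process it created.
    'possible-injection': dst is unknown to the tree or not a descendant of
        src, which is what cross-process injection would look like.
    """
    verdicts = {}
    for w in writes:
        ok = w.dst in tree and is_descendant(w.dst, w.src, tree)
        verdicts[(w.src, w.dst)] = "child-process-setup" if ok else "possible-injection"
    return verdicts


def summarize(writes: list[MemWrite], tree: dict) -> list:
    """Collapse repeated events into (src, dst, count, verdict) rows."""
    counts = {}
    for w in writes:
        counts[(w.src, w.dst)] = counts.get((w.src, w.dst), 0) + 1
    verdicts = classify(writes, tree)
    return [(s, d, n, verdicts[(s, d)]) for (s, d), n in sorted(counts.items())]


if __name__ == "__main__":
    for src, dst, n, verdict in summarize(parse_events(EVENTS), PROCESSES):
        dst_image = PROCESSES.get(dst, ("<not in process tree>",))[0]
        print(f"{src} -> {dst} ({dst_image}) x{n}: {verdict}")
```

Run against the report's own four events the helper returns "child-process-setup" for both dumpcap.exe PIDs; only the constructed write into PID 9999, which the tree knows nothing about, is flagged. The same shape of check applies to any sandbox report whose process tree and memory-write events are available.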